Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
807
Views
4
Helpful
4
Replies

Logging CBAC sessions

Go to solution
filippos111
Level 1
Level 1

‎03-12-2013 12:23 AM - edited ‎03-07-2019 12:11 PM

Hi folks,

Is there any way to log the output under "Established Sessions" from the show ip inspect sessions command of a 2811 router? By logging i mean recording, or creating some sort of log file in a remote machine in the network.

Regards, Philipp

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul driver
VIP
VIP
In response to cadet alain

‎03-12-2013 03:11 AM

Hello,

Cbac audt trail & real time alerts

conf t

ip inspect audit-trail

no ip inspect alert-off

logging on

logging x.x.x.x ( syslog server)

sh ip inspect config

res

Paul

Please don't forget to rate this post if it has been helpful.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

0 Helpful
4 Replies 4

Go to solution
cadet alain
VIP Alumni
VIP Alumni

‎03-12-2013 12:42 AM

Hi,

you could use this to send the output in a text file on a server:

http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_s1.html#wp1041232

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Go to solution
filippos111
Level 1
Level 1
In response to cadet alain

‎03-12-2013 01:33 AM

Thanks for the reply, though I guess the first post was a bit misleading:

From what i understand, your answer refers to copying the terminal output of a any show command, and trasnferring it to a specific url.

What i originally meant was for that information about established CBAC sessions to be automatically transferred to a file in a remote server as it is created, in order for someone to monitor the sessions without logging in to the router.

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to filippos111

‎03-12-2013 02:47 AM

Hi,

the only two logging features I know of are these:

"Q. What logging features are included with Cisco IOS Firewall?

A. Enhanced audit trail features use syslog mechanisms to track  transaction-session termination time stamps, source host, destination  host, ports used, and the total number of transmitted bytes. Real-time  alerts send syslog notifications to central management consoles upon  detection of suspicious activity. This setup gives network managers the  ability to respond immediately to intrusions."

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/prod_qas09186a008010a40e.html

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Go to solution
paul driver
VIP
VIP
In response to cadet alain

‎03-12-2013 03:11 AM

Hello,

Cbac audt trail & real time alerts

conf t

ip inspect audit-trail

no ip inspect alert-off

logging on

logging x.x.x.x ( syslog server)

sh ip inspect config

res

Paul

Please don't forget to rate this post if it has been helpful.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents